Watching Them, Watching Us

Unsurprisingly for the self confesses "I am not technical" former Home Secretary, Theresa May has used her Statement following the London Bridge
and Borough Market attacks, to renew her nonsense about alleged "Safe Spaces" for islamist extremism
on the Internet and at Home.

Last night, our country fell victim to a brutal terrorist attack once again. As a result I have just chaired a meeting of the government’s emergency committee and I want to update you with the latest information about the attack.

Shortly before 10:10 yesterday evening, the Metropolitan Police received reports that a white van had struck pedestrians on London Bridge. It continued to drive from London Bridge to Borough Market, where 3 terrorists left the van and attacked innocent and unarmed civilians with blades and knives.

All 3 were wearing what appeared to be explosive vests, but the police have established that this clothing was fake and worn only to spread panic and fear.

As so often in such serious situations, the police responded with great courage and great speed. Armed officers from the Metropolitan Police and the City of London Police arrived at Borough Market within moments, and shot and killed the 3 suspects. The terrorists were confronted and shot by armed officers within 8 minutes of the police receiving the first emergency call.

8 minutes is the length of Theresa May's statement. Ignore all the gun nuts who pretend that arming individual policemen would have killed the attackers any quicker.

Seven people have died as a result of the attack, in addition to the 3 suspects shot dead by the police. Forty-eight people are being treated in several hospitals across London. Many have life-threatening conditions.

On behalf of the people of London, and on behalf of the whole country, I want to thank and pay tribute to the professionalism and bravery of the police and the emergency services - and the courage of members of the public who defended themselves and others from the attackers. And our thoughts and prayers are with the victims and with their friends, families and loved ones.

This is, as we all know, the third terrorist attack Britain has experienced in the last 3 months. In March, a similar attack took place, just around the corner on Westminster Bridge. Two weeks ago, the Manchester Arena was attacked by a suicide bomber. And now London has been struck once more.

And at the same time, the security and intelligence agencies and police have disrupted 5 credible plots since the Westminster attack in March.

In terms of their planning and execution, the recent attacks are not connected. But we believe we are experiencing a new trend in the threat we face, as terrorism breeds terrorism, and perpetrators are inspired to attack not only on the basis of carefully-constructed plots after years of planning and training - and not even as lone attackers radicalised online - but by copying one another and often using the crudest of means of attack.

That must mean that the terrorist suspects have been identified between Commissioner of Police for the Metropolis Cressida Dick's statement earlier today that she
and Theresa May's statement, or is this just political licence with the facts ?

We cannot and must not pretend that things can continue as they are. Things need to change, and they need to change in 4 important ways.

First, while the recent attacks are not connected by common networks, they are connected in one important sense. They are bound together by the single, evil ideology of Islamist extremism that preaches hatred, sows division, and promotes sectarianism. It is an ideology that claims our Western values of freedom, democracy and human rights are incompatible with the religion of Islam. It is an ideology that is a perversion of Islam and a perversion of the truth.

Defeating this ideology is one of the great challenges of our time. But it cannot be defeated through military intervention alone. It will not be defeated through the maintenance of a permanent, defensive counter-terrorism operation, however skilful its leaders and practitioners. It will only be defeated when we turn people’s minds away from this violence - and make them understand that our values - pluralistic, British values - are superior to anything offered by the preachers and supporters of hate.

All very true, exactly what previous Prime Ministers e.g. Tony Blair have said time and time again

Second, we cannot allow this ideology the safe space it needs to breed. Yet that is precisely what the internet - and the big companies that provide internet-based services - provide. We need to work with allied, democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremism and terrorist planning. And we need to do everything we can at home to reduce the risks of extremism online.

We need Safe Spaces for Internet Free Speech and to do Digital Commerce, free from snooping by evil governments, corporations, criminals and terrorists.

Trying to clamp down on foreign internet companies providing End To End Encrypted services wil not stop terrorist extremists from recruiting or planning. It will destroy Freedom of Speech and the UK Digital Economy, which needs all the help it can get to survive the #Brexit disaster.

Is the UK Government really willing to hand over intelligence watchlists of terrorist sympathiser unconvicted *suspects* to foreign internet companies like FaceBook or Twitter so that they can pro-actively censor their social media ?

That seems unlikely.

Third, while we need to deprive the extremists of their safe spaces online, we must not forget about the safe spaces that continue to exist in the real world. Yes, that means taking military action to destroy ISIS in Iraq and Syria. But it also means taking action here at home. While we have made significant progress in recent years, there is - to be frank - far too much tolerance of extremism in our country.

So we need to become far more robust in identifying it and stamping it out - across the public sector and across society. That will require some difficult and often embarrassing conversations, but the whole of our country needs to come together to take on this extremism - and we need to live our lives not in a series of separated, segregated communities but as one truly United Kingdom.

Where exactly are these mythical "Safe Spaces" for islamist extremism in the Public Sector or in British Society ??

What precisely does she mean by "embarassing conversations", with whom ?

Fourth, we have a robust counter-terrorism strategy that has proved successful over many years. But as the nature of the threat we face becomes more complex, more fragmented, more hidden, especially online, the strategy needs to keep up. So in light of what we are learning about the changing threat, we need to review Britain’s counter-terrorism strategy to make sure the police and security services have all the powers they need.

We already have the most intrusive anti-terrorism legal powers in the world, including all encompassing Thought Crime laws, what more can they actually enforce properly ?

And if we need to increase the length of custodial sentences for terrorism-related offences, even apparently less serious offences, that is what we will do.

If there is little or no difference in the penalty for "serious" and "less serious" crimes, this will make it easier for terrorist recruiters to convert peripheral supporters into active terrorist atttackers - "in for a penny, in for a pound".

Again, this all sounds tediously familiar, just like previous Tory and labour governemts e.g. Tony Blair's ratcheting up of repressive terrorism laws.
Will the excerable Jeremy Corbyn and the current Labour control freaks also support this ?

Since the emergence of the threat from Islamist-inspired terrorism, our country has made significant progress in disrupting plots and protecting the public. But it is time to say enough is enough. Everybody needs to go about their lives as they normally would. Our society should continue to function in accordance with our values. But when it comes to taking on extremism and terrorism, things need to change.

As a mark of respect the 2 political parties have suspended our national campaigns for today. But violence can never be allowed to disrupt the democratic process. So those campaigns will resume in full tomorrow. And the general election will go ahead as planned on Thursday.

Few people will believe that this is a genuine mark of respect, it is more likely an excuse for the politicians (in all political parties)
to avoid embarassing questions about their failed / lack of coherent policies regarding terrorism.

Allowing the terrorists to disrupt the General Election in any way, is a victory for the the ideology that the Prime Minister so rightly condemned above.

As a country, our response must be as it has always been when we have been confronted by violence. We must come together, we must pull together, and united we will take on and defeat our enemies.

Duration of the consultation: We invite responses from 1 February 2017 to 3 April 2017.

Comments may be sent:
By email to pod@lawcommission.gsi.gov.uk
OR
By post to Criminal Law Team, Law Commission, 1st Floor, Tower, 52 Queen Anne’s
Gate, London, SW1H 9AG.
Tel: 020 3334 3100 / Fax: 020 3334 0201
If you send your comments by post, it would be helpful if, whenever possible, you could also send them electronically (for example, on CD or by email to the above address, in any
commonly used format).

However, their Threat Modelling seems incomplete. We need to ask ourselves exactly what exactly are we are trying to protect and from whom ? Expanding the definitions
to cover terrorist organisations rather than the undefined Enemy countries is ok, but it does nothing about "lone wolf" terrorists or fanatics.

It is all very well getting rid of restrictive pre WW1 terms like "models, sketches, drawings" etc. but there is only 1 passing reference to the Internet and mention of Protection of of Official MetaData or anything to do with Cryptography.

Nor are there any proposals to deal with the vast problem of Over Classification of government data and documents.

Will whistleblowers or journalists investigating UK #Brexit trade negotiating positions now fall foul of the new proposed legislation ?

Over the years, Spy Blog has, unfortunately, had to criticise the MI5 Security Service website for an unprofessional lack of security, seemingly every time the web site design has been revamped by c.f.

A wide range of hostile actorshttps://www.google.com/recaptcha/intro/index.html use cyber to target the UK. They include foreign states, criminals, "hacktivist" groups and terrorists. The resources and capabilities of such actors vary. Foreign states are generally equipped to conduct the most damaging cyber espionage and computer network attacks.

Hostile actors conducting cyber espionage can target the government, military, business and individuals.

Whilst the first two sections are important for the public image and reputation of MI5, the last two (Careers and Tip Off form) are of intense interest to our enemies.

Even the https:// only website does use a Digital Certificate with good Transport Layer Security configuration,

N.B. In common with GCHQ and MI6 there is no DNS entry for https://MI5.gov.uk i.e. without the "www."
This tends to confuse the dimmer "hackivists" who frequently claim that their "script kiddy" Denial of Service attacks have somehow magically succeeded in a "tango down" of a non-existent website URL.

Accessing the MI5 Security Service website may be illegal or dangerous if you are in e.g. the Middle East or Russia or China etc.
so, for obvious reasons, they claim to keep your communications with them confidential.

You may decide to use the increasingly popular Tor Browser to hide your originating IP address.

Why then does the MI5 website betray your web browser meta data to one and possibly two foreign companies based in the USA i.e. CloudFlare and Google reCaptcha ?

CloudFlare, whilst providing useful TLS and anti Denial of Service attack services, is under heavy criticism for forcing Tor users to fill in stupid Google reCapture puzzles #dontblocktorto proceed to a "protected" website.
This is a minor inconvenience for most people, but it is completely inappropriate for an intelligence agency website with sensitive recruitment and national security tip off form features.

i.e. there are image links which do not go to the local MI5 web server, or any web servers in the United Kingdom, but which are pulled from Google in California, USA
e.g. the Google reCaptcha refresh image (and all the street sign or river etc. reCapture image tiles)

but most people will have been tricked into handing over their meta data to these US companies and therefore to the US government (on demand), instead of just
sharing it with MI5 the Security Service in the United Kingdom

Apart from a very specific, rarely used scenario, involving intimate searches by police officers before medical personnel are available, Note how every single point has been ignored by the Home Office.

Intrusive Powers missing from the list of core powers of Police Constables

"Proposed ‘core’ list of powers that would only be available to police officers, i.e. would not

be available for designation to staff or volunteers

[...]

7. The two most intrusive powers under RIPA, i.e.
a. Requesting a warrant to intercept communications; and
b. Acting as a Covert Human Intelligence Source (i.e. an undercover officer)."

There are two more intrusive powers under the Regulation of Investigatory Powers Act 2000 (RIPA) which must *not* be delegated to non-Constables:

These intrusive powers are already too widely available to "any Constable" and should *only* be allowed to specialist IT trained teams of full Police Constables. It would be a disaster for public trust and confidence if these powers were to be delegated to staff and volunteers.

The Home Office's claims about Trust, Transparency and Accountability in the controversial "Snoopers'Charter" Draft Investigatory Powers Bill are worthless if these vast Police Powers under RIPA are farmed out to unaccountable Volunteers or commercially sub-contracted civilian Staff.

Intimate Searches and Intimate Body Samples

Intimate Searches including Stripping and searches of intimate body orifices and the sometimes forced taking of blood or other Intimate Body Samples are not mentioned on this core list of Police Constable powers.

It must therefore be assumed that the Home Office is planning to to allow these extremely intrusive powers to be farmed out to non-Constables.

This must *not* happen - it is likely to literally cause a riot.

Misconduct in Public Office must apply to Staff and Volunteers

Staff and Volunteers are not Police Officers or Officers of the Crown. Why should they simply face dismissal if they abuse Police Powers delegated to them, when a Police Constable doing exactly the same thing could face up to life in prison for Misconduct in Public Office ?

http://www.cps.gov.uk/legal/l_to_o/misconduct_in_public_office/

The offence of Misconduct in Public Office must be clearly and unambiguously extended to cover Staff and Volunteers who have been given Designated or Delegated Police Powers, in anticipation of when, not if, some of them abuse these powers.

Too complicated to be transparent, therefore illegal.

The current system of discretionary powers is already opaque and obscure - the general public has no means of telling exactly what powers a PCSO etc. has in one area compared with a person wearing a similar uniform and having the same designation in an other Police Force Area.

There is no central, easily accessible (e.g. via the world wide web) authoritative, up to date list of which Discretionary Powers are currently in force in which Police Force.

I challenge anyone reading this to find such a list on the internal Home Office or Police Force intranets, within 30 minutes, let alone on their public facing websites.

It is obvious that costly delays on the street will result from the even more complicated mish mash of proposed Discretionary and Delegated Police Powers.

Is, for example, a Escort Officer meant to get two seperate Designations, attend two different but equivalent training courses, from two neighbouring Police Forces before they can transfer arrestees across a Police Force boundary ?

What if the arrest is in Newcastle and the Police Station is in London ? Do they have to get rubber stamped by every Chief Constable along the route ?

Given the principles of natural justice and the legal precedents, it is likely that any such deliberately or negligently obscure system of police powers will be found to be illegal when, not if, cases are brought in the UK Supreme Court and the European Court of Human Rights and the European Court of Justice.

National police powers for each role, clearly stated in primary legislation

It would be better if Chief Constables had no discretion to designate or delegate any powers.

Neither should the Home Secretary be able to add to complexity and obscurity with Order making powers.

The powers of Police Constables, Police Community Support officers, Investigation Officers and Escort officers should be clearly laid out in the text of primary legislation.

Since there is at least one Police or Justice etc. Act every single Parliament, there is plenty of opportunity to amend such powers in the light of practical experience.

All such powers should apply Nationally, across all Police Force boundaries, just like those of full Police Constables.

JOINT COMMITTEE ON THE DRAFT INVESTIGATORY POWERS BILL
CALL FOR WRITTEN EVIDENCE

The Joint Committee on the Draft Investigatory Powers Bill, chaired by Lord Murphy of Torfaen, was appointed by the two Houses of Parliament in late November 2015 to consider the Draft Investigatory Powers Bill, which was presented to the two Houses on 4 November 2015. The Committee invites any interested individuals and organisations to submit evidence to this inquiry.

The Committee in particular will explore the key issues listed below in detail, and would welcome your views on any or all of the following questions. Please note that questions are not listed here in any particular order of importance.

Written evidence should arrive no later than 21 December 2015. Public hearings will be held in November and December 2015 and January 2016. The Committee has been asked to report to the Houses, with recommendations, in February 2016. The report will receive a response from the Government. The time available for the Committee’s inquiry is short, and its focus will be on the contents of the draft Bill rather than more general aspects of policy. The Committee will not consider as part of its inquiry the merits of individual cases which have been, or are now, subject to formal proceedings in courts or tribunals.

Overarching/thematic questions:

 Are the powers sought necessary?
o Has the case been made, both for the new powers and for the restated and clarified existing powers?

 Are the powers sought legal?

o Are the powers compatible with the Human Rights Act and the ECHR? Is the requirement that they be exercised only when necessary and proportionate fully addressed? Are they sufficiently clear and accessible on the face of the draft Bill? Is the legal framework such that CSPs (especially those based abroad) will be persuaded to comply? Are concerns around accessing journalists’, legally privileged and MPs' communications sufficiently addressed?

 Are the powers sought workable and carefully defined?

o Are the technological definitions accurate and meaningful (e.g. content vs communications data, internet connection records etc.)? Does the draft Bill adequately explain the types of activity that could be undertaken under these powers? Is the wording of the powers sustainable in the light of rapidly evolving technologies and user behaviours? Overall is the Bill future-proofed as it stands?

 Are the powers sought sufficiently supervised?

o Is the authorisation process appropriate? Will the oversight bodies be able adequately to scrutinise their operation? What ability will Parliament and the public have to check and raise concerns about the use of these powers?

Specific questions:

General

 To what extent is it necessary for
(a) the security and intelligence services and
(b) law enforcement to have access to investigatory powers such as those contained in the Draft Investigatory Powers Bill?

 Are there any additional investigatory powers that security and intelligence services or law enforcement agencies should have which are not included in the draft Bill?

 Are the new offences proposed in the draft Bill necessary? Are the suggested punishments appropriate?

 Are the proposed authorisation processes for such interception activities appropriate? Is the proposed process for authorising urgent warrants workable?

 Are the proposed safeguards sufficient for the secure retention of material obtained from interception?

 How well does the current process under Mutual Legal Assistance Treaties (MLATs) work for the acquisition of communications data? What will be the effect of the extra-territorial application of the provisions on communications data in the draft Bill?

Communications Data

 Are the definitions of content and communications data (including the distinction between 'entities' and 'events' sufficiently clear and practical for the purposes of accessing such data?

 Does the draft Bill allow the appropriate organisations, and people within those
organisations, access to communications data?

 Are there sufficient operational justifications for accessing communications data in bulk?

 Is the authorisation process for accessing communications data appropriate?

Data Retention

 Do the proposed authorisation regime and safeguards for bulk data retention meet the requirements set out in the CJEU Digital Rights Ireland and the Court of Appeal Davis judgments?

 Is accessing Internet Connection Records essential for the purposes of IP resolution and identifying of persons of interest? Are there alternative mechanisms? Are the proposed safeguards on accessing Internet Connection Records data appropriate?

 Are the requirements placed on service providers necessary and feasible?

Equipment Interference

 Should the security and intelligence services have access to powers to undertake
(a) targeted and
(b) bulk equipment interference? Should law enforcement also have access to such powers?

 Are the authorisation processes for such equipment interference activities appropriate?

 Are the safeguards for such activities sufficient?

Bulk Personal Data

 Is the use of bulk personal datasets by the security and intelligence services appropriate? Are the safeguards sufficient for the retention and access of potentially highly sensitive data?

Oversight

 What are the advantages and disadvantages of the proposed creation of a single Judicial Commission to oversee the use of investigatory powers?

 Would the proposed Judicial Commission have sufficient powers, resources and independence to perform its role satisfactorily?

 Are the appointment and accountability arrangements for Judicial Commissioners appropriate?

 Are the new arrangements for the Investigatory Powers Tribunal including the possibility of appeal adequate or are further changes necessary?

GUIDANCE FOR SUBMISSIONS

Written evidence should be submitted online using the written submission form available at www.parliament.uk/draft-investigatory-powers-submission-form. This page also provides guidance on submitting evidence.

If you have difficulty submitting evidence online, please contact the Committee staff by email to

draftinvestigatorypowersbill@parliament.uk

or by telephoning 020 7219 8443. The deadline for written evidence is 21 December 2015.

Short submissions are preferred. A submission longer than six pages should include a onepage
summary.

Paragraphs should be numbered. All submissions made through the written submission form will be acknowledged automatically by email.

Evidence which is accepted by the Committee may be published online at any stage; when it is so published it becomes subject to parliamentary copyright and is protected by parliamentary privilege. Submissions which have been previously published will not be accepted as evidence. Once you have received acknowledgement that the evidence has been accepted you will receive a further email, and at this point you may publicise or publish your
evidence yourself. In doing so you must indicate that it was prepared for the Committee, and you should be aware that your publication or re-publication of your evidence may not be protected by parliamentary privilege.

Personal contact details will be removed from evidence before publication, but will be retained by the Committee Office and used for specific purposes relating to the Committee's work, for instance to seek additional information.

Persons who submit written evidence, and others, may be invited to give oral evidence. Oral evidence is usually given in public at Westminster and broadcast online; transcripts are also taken and published online. Persons invited to give oral evidence will be notified separately of the procedure to be followed and the topics likely to be discussed.

Substantive communications to the Committee about the inquiry should be addressed through the clerk of the Committee, whether or not they are intended to constitute formal evidence to the Committee.

This is a public call for evidence. Please bring it to the attention of other groups and individuals who may not have received a copy direct.

You may follow the progress of the inquiry at www.parliament.uk/draft-investigatorypow

UPDATE 26th November 2015:
The Chairman of the Draft Investigatory Powers Bill Joint Committee has been appointed: Lord Murphy of Torfaen. Paul Murphy was a Labour Minister for Northern Ireland (and Wales) and was the Chair of the Intelligence and Security Committee from 2005 to 2008, which failed to properly investigate the 7/7 2005 London bombings (required a second investigative report in 2009 with Kim Howells as Chair).

Businessman, only member of previous Draft Communications Data Bill committee.

Note the preponderance of likely "gone native" politicians with "experience" of Policing and Intelligence agencies.

Who will be elected as Chair of this Joint Committee ? Lord Butler the supposedly Cross Bench former Cabinet Secretary ?

Only Lord Strasburger (Liberal Democrat) served on the previous Draft Communications Data Bill Joint Committee, although Lord Butler of Brockwell did scrutinise some of it as a then member of the Intelligence and Security Committee.

Will Her Majesty's Opposition hold the Government to account over this shoddy deception ? Or will the Corbynistas be overshadowed by the Scottish Nationalists ? Will the handful of Conservative MPs who seem to care about liberty and privacy and freedom have any effect on the Government ?

Chris Bryant, who lead this Emergency Debate, made a lot of sense in his analysis of the current Wilson Doctrine debacle, but the attitude of the rest of the Labour party, almost none of whom bothered to turn up, is still suspiciously unclear.

He rightly chided the Home Secretary for rushing through the Data retention and Investigatory powers Act in a single day, and hoped that the forthcoming Investigatory Powers Bill which might be able to ut the Wilson Doctrine or similar into law would not be similarly rushed through.

Andy Burnham (Lab) the Shadow Home Secretary turned up for a bit, and lurked next to Chris Bryant, but did not bother to speak

Where was the Deputy Leader Tom Watson (Lab), who is supposed to be a patron of the Open Rights Group and who did ask the Question which prompted Theresa May's "caveated statement" on the Wilson Doctrine earlier this year ? ?

Where were the Corbynistas ?

Dominic Grieve's contribution to the debate was restricted to promising that as Chair of the Intelligence and Security Committee, the Committee would consider MP and Constituency interception procedures along with other legally privileged lawyers and journalists etc.

Given the other things they must look into, it is unclear if they will contribute anything before the full Investigatory Powers Bill is set in motion early next year.

Peter Bone yet again asked the Home Secretary how many MPs have had their telephones intercepted since 1966. Her silence confirms that the number is clearly not zero, making a mockery of even the very narrow definition of the Wilson Doctrine which is now being spun by the Government.

David Davis correctly summed up the Wilson Doctrine is effectively dead:

"the doctrine is dead. Whether or not it is legally dead, it is in practice dead. It is dead in the eyes of the people--whistleblowers, campaigners and so on--who might come to us, and we have to do something to replace it."

He also mentioned the vital importance of metadata, which the Wilson Doctrine sneakily does not "protect".

Spy Blog would also like to see protection for Constituents, Campaigners, Journalists, Whistleblowers and other elected representatives all the other RIPA an non-IPA surveillance techniques included in the new Investigatory Powers Bill e.g. MetaData / Communications data / Traffic Data (RIPA 2000 Part II) , compelled access access to Encrypted Data (RIPA III), CHIS Covert Human Intelligence Sources (informers and infiltrators), bugging and tracking devices (Police Act 1997 Part III) etc.

The Scottish Nationalist Party outnumbered the Labour Party and emphasised the need for Scottish Parliament, Welsh Assembly, Northern Ireland Assembly and UK Members of the European Parliament to have their communications with constituents and whistleblowers etc. protected.

The 3 MPs from Northern Ireland pointed out what even Theresa May admitted was a "conundrum" - it is unclear with the shifting changes made in secret to the Intelligence Agencies Guidance, did the Wilson Doctrine apply or not apply to those "double dipping" Members of Parliament MPs who were also simultaneously Members of the Legislative Assembly (MLA) ?

Caroline Lucas of course was a party to the the Investigatory Powers Tribunal case and mentioned the point Spy Blog noticed that even though the Wilson Doctrine has no legal power, neither do the Draft Code of Practice (not yet presented to, let alone approved by Parliament) nor the internal Intelligence Agency Guidance.

The lack of interest in their constituents' privacy and liberties shown by the absent MPs does not bode well for the forthcoming Draft Investigatory Powers Bill.

The secretive Investigatory Powers Tribunal, which always seems to side with the Whitehall securocrats at the expense of ordinary, innocent people, has done it again with their judgment on the Wilson Doctrine

Spy Blog has always assumed that the deliberate vagueness and extreme brevity of any official Answers to Parliamentary Questions about the Wilson Doctrine, even as it has changed slightly over the years, meant that the public and Parliamentarians were being lied to by Downing Street regarding the confidentiality of the communications between Members of Parliament and their Constituents.

The Tribunal heard and resolved issues relating to the status, meaning and effect of what has been called the Harold Wilson Doctrine, or the Wilson Doctrine, originating in the statement in the
House of Commons on 17 November 1966 by the Rt Hon Harold Wilson, the then Prime Minister. The Tribunal made declarations that the Wilson Doctrine applies only to targeted, and not
incidental, interception of Parliamentary communications, but that it has no legal effect, save that in practice the Security and Intelligence Agencies must comply with their own Guidance,
which has now been disclosed in the Judgment.

10. There are relevant passages in the Codes, to which we are satisfied the Home Secretary was referring: the Interception of Communications Code of Practice pursuant to Section 71 of RIPA in force until this year ("the Code") does not make express reference to communications between parliamentarians and their constituents as being confidential, in that such communications are not listed among the examples given, but they are particularised in the new draft Code which has been de facto in operation since the beginning of this year, and complied with by the Security and Intelligence Agencies, although it has been the subject of consultation and has not yet been put before or approved by Parliament ("the Draft Code").

Liberty/Privacy provides, particularly having regard to the well-established proposition as to the reduced foreseeability required in the field of national security, a sufficient and adequate system for ECHR purposes, and one which does not require the Wilson Doctrine to underlie it. Unlike journalists' and lawyers' communications, there is no ECHR authority for enhanced protection for parliamentarians. There are very good reasons, as Sir Swinton Thomas pointed out, for parliamentarians not being treated differently from other citizens. The s.5 RIPA criteria and the approved interception regimes, including other statutory provisions for the respective Agencies, impose and signal a high threshold for interception. It is not necessary for this Tribunal to make new law. Moreover any attempt to do so would entail inventing a new code to define the types of communications covered and where lines are to be drawn. The Wilson Doctrine, as now enunciated and put into effect, highlights a need for caution and circumspection in respect of parliamentarians' communications. But such caution and circumspection will be called for in respect of many other types of confidential and sensitive private communications, which come to be considered under the interception regimes.

Answers to the preliminary issues

33. The Tribunal accordingly answers the preliminary issues attached to this judgment as follows:

i) The Wilson Doctrine does not apply to s.8(4) warrants at the stage of issue.

ii) It applies to targeted, but not incidental, interception of parliamentarians' communications both in respect of s.8(1) warrants at date of issue and in respect of s.8(4) warrants at the date of accessing/selecting such communications.

iii) The Wilson Doctrine does not operate so as to create a substantive legitimate expectation.

iv) The Wilson Doctrine has no legal effect, but in practice the Agencies must comply with the Draft Code and with their own Guidance.

v) The regime for the interception of parliamentarians' communications is in accordance with the law under Article 8(2) and prescribed by law under Article 10(2), in particular by reference to s.5(3) of RIPA.

34. MPs' communications with their constituents and others are protected, like those of every other person, by the statutory regime established by Part 1 of RIPA 2000. The critical control is the requirement for a Secretary of State's warrant, which can only be issued if the requirements of Section 5 are satisfied. That regime is sufficient to protect such communications and nothing further is required by the ECHR.

It would be truer to say that

"MPs'communications with their constituents and others are unprotected, like those of every other person"

and

"That regime is insufficient to protect such communications"

What now, that the Wilson Doctrine is effectively dead ?

There is a 3 hour Emergency Debate in the House of Commons on the Wilson Doctrine from some time after 14:30, tomorrow Monday 19th October 2015.

Will Her Majesty's Opposition hold the Government to account over this shoddy deception ? Or will the Corbynistas be overshadowed by the Scottish Nationalists ? Will the handful of Conservative MPs who seem to care about liberty and privacy and freedom have any effect on the Government ?

At a guess the Government will pretend that the the still only Draft Code of Practice is somehow important, even though it is the "incidental interception" on a massive industrial scale by GCHQ and our 5 Eyes intelligence foreign agency partners which is the threat to the privacy of a Constituent's emails or mobile phone or landline phone or postal communications with their Member of Parliament.

How can an MP be trusted with any sensitive personal or legal or whistleblower information, from their Constituents, especially if it pertains to a complaint against or wrongdoing by a branch of the UK Government, when there is no legal protection for such communications at all ?

OPSEC and COMSEC training for MPs etc.

The Open Rights Group has offered to help to train Members of Parliament (and other UK elected representatives not covered by the Wilson Doctrine in the Scottish Parliament, Welsh Assembly, Northern Ireland Assembly and the European Parliament) in the sort of secure digital communications techniques involving risk assessment, personal computers and smartphones etc. which journalists and political activists have had to resort to

These same techniques can be used to help to hide MPs' shady private and business lives, but that is a price worth paying for access to our democratically elected representatives, without UK or other Government snooping.

Spy Blog has some experience with organising and teaching at CryptoParty events in London and even started to organise one for MPs, Peers or their staff in the last Parliament, until it became obvious that MPs didn't care about such things, by rushing the badly scrutinised Data Retention and Investigatory Powers Act through in an unnecessary hurry.

Perhaps there will be more interest in such techniques by our elected representatives after this Wilson Doctrine debacle.

Unless and until Members of Parliament who criticise the Government over the Wilson Doctrine start to do things like using and publishing a PGP / GPG Public Encryption Key for their Constituency or Campaign business, nothing will change, and the public will become even more alienated from untrustworthy politicians and bureaucrats.

Police Oracle announced that Commissioner of the City of London Police Adrian Leppard has announced his retirement. Will this come in to effect before the Investigatory Powers Bill is scrutinised by Parliament in the autumn ?

It is therefore very peculiar that Commissioner Adrian Leppard should put his name to this New York Times Op Ed article, attacking Apple and Google mobile phone handset encryption. How many billions of pounds of UK economic secrets are protected by such
encryption on mobile phones belonging to City of London financial industry workers ?

Commissioner Leppard should be collecting hard evidence of the numbers and types of of mobile phones his officers have actually seized as evidence and the numbers reported lost or stolen, with and without strong encryption enabled (N.B. only recent versions of Android can do this and the feature is not switched on by default)
so that he can inform the Investigatory Powers Bill scrutiny with some facts rather than cherry picked handwaving examples, which is the usual inadequate or deliberately deceitful Home Office and Police

Cyrus Vance Jr. , clearly the main author of this article, is the son of the Washington political insider Cyrus Vance who is associated with several US Foreign Policy disasters such as the end of the Vietnam war and the Iran hostage crisis.

Like previous New York public prosecutors (these are political appointments), he may well be trying to stir up political support for a future political career, like Rudy Guiliani

In June, a father of six was shot dead on a Monday afternoon in Evanston, Ill., a suburb 10 miles north of Chicago. The Evanston police believe that the victim, Ray C. Owens, had also been robbed. There were no witnesses to his killing, and no surveillance footage either.

With a killer on the loose and few leads at their disposal, investigators in Cook County, which includes Evanston, were encouraged when they found two smartphones alongside the body of the deceased: an iPhone 6 running on Apple's iOS 8 operating system, and a Samsung Galaxy S6 Edge running on Google's Android operating system. Both devices were passcode protected.

An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not -- because they did not know the user's passcode.

The homicide remains unsolved. The killer remains at large.

Until very recently, this situation would not have occurred.

Last September, Apple and Google, whose operating systems are used in 96 percent of smartphones worldwide, announced that they had re-engineered their software with "full-disk" encryption, and could no longer unlock their own products as a result.

According to Apple's website: "On devices running iOS 8.0 ... Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user's passcode, which Apple does not possess."

A Google spokeswoman said, "Keys are not stored off of the device, so they cannot be shared with law enforcement."

Now, on behalf of crime victims the world over, we are asking whether this encryption is truly worth the cost.

Not only is this strong encryption worth the cost, there should, in fact be much more of it, switched on by default.

Between October and June, 74 iPhones running the iOS 8 operating system could not be accessed by investigators for the Manhattan district attorney's office -- despite judicial warrants to search the devices. The investigations that were disrupted include the attempted murder of three individuals, the repeated sexual abuse of a child, a continuing sex trafficking ring and numerous assaults and robberies.

Criminal defendants have caught on. Recently, a suspect in a Manhattan felony, speaking on a recorded jailhouse call, noted that "Apple and Google came out with these softwares" that the police cannot easily unlock.

Apple, Google and other proponents of full-disk encryption have offered several rationales for this new encryption technology. They have portrayed the new policy as a response to the concerns raised by Edward J. Snowden about data collection by the National Security Agency. They say full-disk encryption makes devices generally more secure from cybercrime. And they assert that, if the companies had master encryption keys, then repressive governments could exploit the keys.

These reasons should not be accepted at face value. The new Apple encryption would not have prevented the N.S.A.'s mass collection of phone-call data or the interception of telecommunications, as revealed by Mr. Snowden. There is no evidence that it would address institutional data breaches or the use of malware. And we are not talking about violating civil liberties -- we are talking about the ability to unlock phones pursuant to lawful, transparent judicial orders.

The NSA is not the only threat to privacy and security, how would Vance & his co-signatories protect our privacy and financial information from criminals and terrorists and hostile foreign intelligence agencies who may steal or access such secrets held on mobile phone handsets ?

In the United States, Britain, France, Spain and other democratic societies, the legal system gives local law enforcement agencies access to places where criminals hide evidence, including their homes, car trunks, storage facilities, computers and digital networks.

Carved into the bedrock of each of these laws is a balance between the privacy rights of individuals and the public safety rights of their communities. For our investigators to conduct searches in any of our jurisdictions, a local judge or commissioner must decide whether good cause exists. None of our agencies engage in bulk data collection or other secretive practices. We engage in targeted requests for information, authorized after an impartial, judicial determination of good cause, in which both proportionality and necessity are tested.

Nonsense. There is is no independent judicial warrant involved in most UK mobile phone handset searches or seizures - these are self authorised by the UK police themsleves.

It is this workable balance that proscribes the operations of local law enforcement in our cities, and guides our residents in developing their expectations of privacy. But in the absence of laws that keep pace with technology, we have enabled two Silicon Valley technology companies to upset that balance fundamentally.

The Evanston case is just one example. In France, smartphone data was vital to the swift investigation of the Charlie Hebdo terrorist attacks in January, and the deadly attack on a gas facility at Saint-Quentin-Fallavier, near Lyon, in June. And on a daily basis, our agencies rely on evidence lawfully retrieved from smartphones to fight sex crimes, child abuse, cybercrime, robberies or homicides.

Note the weasel words "smartphone data" - this is not SmartPhone handset encrypted data held on the internal or external microSD card or in the local address book or locally saved SMS message which is what the rest of this article is talking about.

Over the air SmartPhone metadata may have been used in the hunt for the Charlie Hebdo murderers (who brazenly called TV news stations whilst on the run), but there are no reports of any mobile phone handset encryption being used at all.

The murderers had been under full telephone monitoring and intercept for months previously, with nothing to alert the authorities.

It turns out the wives of the murderers had been in contact with each other hundreds of times, but the murderers themselves had stuck to face to face meetings.

Full-disk encryption significantly limits our capacity to investigate these crimes and severely undermines our efficiency in the fight against terrorism. Why should we permit criminal activity to thrive in a medium unavailable to law enforcement? To investigate these cases without smartphone data is to proceed with one hand tied behind our backs.

Nonsense. None of the Mobile Phone network generated calling pattern or physical location metadata is affected by "full disk encryption" - none of it is actually stored on the SmartPhone handset anyway. This is all accessible to law enforcement with a judicial warrant, or, in the UK, without one at all.

The new encryption policies of Apple and Google have made it harder to protect people from crime. We support the privacy rights of individuals. But in the absence of cooperation from Apple and Google, regulators and lawmakers in our nations must now find an appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes. The safety of our communities depends on it.

Cyrus R. Vance Jr. is the Manhattan district attorney. François Molins is the Paris chief prosecutor. Adrian Leppard is the commissioner of the City of London Police. Javier Zaragoza is the chief prosecutor of the High Court of Spain.

Last week the US Government admitted to a second massive security failure within a year at the Office of Personnel Management, which holds human resources details on all 4 million or so current and former Federal Government employees.

These systems appear to have been hacked for over a year and most if not all of the data has been exfiltrated, allegedly to China (not a firm attribution, given how easy it is to leave fake clues in malware).

However, things are much, much worse than mere "identity theft". It is now reported that the copied data includes the completed SF86 Questionnaire for National Security Positions forms (127 pages 7.4Mb .pdf also mirrored here in case you are blocked from accessing a US government website) and perhaps the results of Background Information interviews and checks for the highest levels of security clearances, not just for ordinary Federal bureaucrats, but also for Intelligence Agency personnel.

It should be obvious how a Foreign Intelligence agency could be assisted in finding potential sources / agents / traitors to suborn, through bribery or blackmail or appeals to ideology or religion, who have listed their financial, marital, medical or other personal details and problems on such forms.

It should be obvious how a Foreign Counter Intelligence Agency could use the information revealed in this form on relatives and contacts living abroad, as well as the Passport or ID Card numbers of the applicants for security clearance and those of their families.

Given the closeness of the Intelligence Agencies of the United Kingdom and the United States of America, it is not unreasonable to ask:

1) When was the UK government informed of the OPM security breach ? The admission came only last week, but the breach appears to have been discovered in April and the security breaches seem to have been active for over a year.

2) How many UK nationals holding US security clearances are affected ?

3) What is the UK government doing to protect them ?

4) Given the similar nature of United Kingdom security vetting systems i.e. an allegedly secure Web Portal, a long and complicated Security Vetting form submitted online (possibly insecurely due to the reliance on an Adobe plug-in which only worked in insecure versions of Microsoft Internet Explorer - only changed recently) and a back end Oracle database, what evidence rather than mere assertions, is there that UK systems like the Defence Business Services National Security Vetting Portal has not been attacked and similarly compromised ?

5) Who, if anyone, has audited the UK systems in the light of the OPM disaster and when will their report be published ?

N.B. This should be a task that the Intelligence and Security Committee should have been working on, but they stopped working 2 months before the General Election and a new Committee has still not yet been appointed.

6) Given the push for cost savings and a possible rationalisation of the disparate GCHQ, Security Service MI5 and Secret Intelligence Service SIS/MI6 security vetting systems onto a common platform, as recommended by the Intelligence and Security Committee Annual Report 2011 pages 79 - 80, is it safe to do so ?

7) Why isn't the Government pro-actively reassuring the public about these National Security worries by ordering independent security penetration tests of these systems right now, and publishing the outcomes (but obviously not any detailed vulnerabilities found) instead of their lazy and corrupt policy of Neither Confirm Nor Deny ?

8) Why aren't professional journalists and Parliamentarians holding the Government to account by asking such questions instead of Spy Blog ?

About this blog

This United Kingdom based blog attempts to draw public attention to, and comments on, some of the current trends in ever cheaper and more widespread surveillance technology being deployed to satisfy the rapacious demand by state and corporate bureaucracies and criminals for your private details, and the technological ignorance of our politicians and civil servants who frame our legal systems.

The hope is that you the readers, will help to insist that strong safeguards for the privacy of the individual are implemented, especially in these times of increased alert over possible terrorist or criminal activity. If the systems which should help to protect us can be easily abused to supress our freedoms, then the terrorists will have won.

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.

Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

We wiil use this verifiable public key (the ID is available on several keyservers, twitter etc.) to establish initial contact with whistleblowers and other confidential sources, but will then try to establish other secure, anonymous communications channels, as appropriate.

Current PGP Key ID: 0x122B3C4FD0BD0FB3 which will expire on 1st October 2018.

You can download a free copy of the PGP encryption software from www.pgpi.org
(available for most of the common computer operating systems, and also in various Open Source versions like GPG)

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.

Hints and Tips for Whistleblowers and Political Dissidents

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

Statewatch - monitoring the state and civil liberties in the European Union

The Policy Laundering Project - attempts by Governments to pretend their repressive surveillance systems, have to be introduced to comply with international agreements, which they themselves have pushed for in the first place

House of Lords - The Law Lords are currently the supreme court in the UK - will be moved to the new Supreme Court in October 2009.

Information Tribunal - deals with appeals under FOIA, DPA both for and against the Information Commissioner

Investigatory Powers Tribunal - deals with complaints about interception and snooping under RIPA - has almost never ruled in favour of a complainant.

Parliamentary Opposition

The incompetent yet authoritarian Labour party have not apologised for their time in Government. They are still not providing any proper Opposition to the current Conservative - Liberal Democrat coalition government, on any freedom or civil liberties or privacy or surveillance issues.

UK Government

Home Office - "Not fit for purpose. It is inadequate in terms of its scope, it is inadequate in terms of its information technology, leadership, management systems and processes" - Home Secretary John Reid. 23rd May 2006. Not quite the fount of all evil legislation in the UK, but close.

NIR and ID cards

Stand - email and fax campaign on ID Cards etc. [Now defunct]. The people who supported stand.org.uk have gone on to set up other online tools like WriteToThem.com. The Government's contemptuous dismissal of over 5,000 individual responses via the stand.org website to the Home Office public consultation on Entitlement Cards is one of the factors which later led directly to the formation of the the NO2ID Campaign who have been marshalling cross party opposition to Labour's dreadful National Identity Register compulsory centralised national biometric database and ID Card plans, at the expense of simpler, cheaper, less repressive, more effective, nore secure and more privacy friendly alternative identity schemes.

CommentOnThis.com - comments and links to each paragraph of the Home Office's "Strategic Action Plan for the National Identity Scheme".

De-Materialised ID - "The voluntary alternative to material ID cards, A Proposal by David Moss of Business Consultancy Services Ltd (BCSL)" - well researched analysis of the current Home Office scheme, and a potentially viable alternative.

Surveillance Infrastructures

CameraWatch - independent UK CCTV industry lobby group - like us, they also want more regulation of CCTV surveillance systems.

Every Step You Take a documentary about CCTV surveillance in the Uk by Austrian film maker Nino Leitner.

Transport for London an attempt at a technological panopticon - London Congestion Charge, London Low-Emission Zone, Automatic Number Plate Recognition cameras, tens of thousands of CCTV cameras on buses, thousands of CCTV cameras on London Underground, realtime road traffic CCTV, Iyster smart cards - all handed over to the Metropolitan Police for "national security" purposes, in real time, in bulk, without any public accountibility, for secret data mining, exempt from even the usual weak protections of the Data Protection Act 1998.

Eeclaim Your DNA from Britain's National DNA Database - model letters and advice on how to have your DNA samples and profiles removed from the National DNA Database,in spite of all of the nureacratic obstacles which try to prevent this, even if you are innocent.

Bloggerheads: The Alisher Usmanov Affair - the rich Uzbek businessman and his shyster lawyers Schillings really made a huge counterproductive error in trying to censor the blogs of Tim Ireland, of all people.

World's First Fascist Democracy - blog with link to a Google map - "This map is an attempt to take a UK wide, geographical view, of both the public and the personal effect of State sponsored fear and distrust as seen through the twisted technological lens of petty officials and would be bureaucrats nationwide."

Panopticon blog - by Timothy Pitt-Payne and Anya Proops. Timothy Pitt-Payne is probably the leading legal expert on the UK's Freedom of Information Act law, often appearing on behlaf of the Information Commissioner's Office at the Information Tribunal.

Georgetown Security Law Brief - group blog by the Georgetown Law Center on National Security and the Law , at Georgtown University, Washington D.C, USA.

Big Brother Watch - well connected with the mainstream media, this is a campaign blog by the TaxPayersAlliance, which thankfully does not seem to have spawned Yet Another Campaign Organisation as many Civil Liberties groups had feared.

Spy on Moseley - "Sparkbrook, Springfield, Washwood Heath and Bordesley Green. An MI5 Intelligence-gathering operation to spy on Muslim communities in Birmingham is taking liberties in every sense" - about 150 ANPR CCTV cameras funded by Home Office via the secretive Terrorism and Allied Matters (TAM) section of ACPO.

FitWatch blog - keeps an eye on the activities of some of the controversial Police Forward Intelligence Teams, who supposedly only target "known troublemakers" for photo and video surveillance, at otherwise legal, peaceful protests and demonstrations.

Other Links

Free Gary McKinnon - UK citizen facing extradition to the USA for "hacking" over 90 US Military computer systems.

Parliament Protest - information and discussion on peaceful resistance to the arbitrary curtailment of freedom of assembly and freedom of speech, in the excessive Serious Organised Crime and Police Act 2005 Designated Area around Parliament Square in London.

Syndicate this site (XML):

Follow Spy Blog on Twitter

Please bear in mind the many recent, serious security vulnerabilities which have compromised the Twitter infrastructure and many user accounts, and Twitter's inevitable plans to make money out of you somehow, probably by selling your Communications Traffic Data to commercial and government interests.

June 2017

UK Legislation

The United Kingdom suffers from tens of thousands of pages of complicated criminal laws, and thousands of new, often unenforceable criminal offences, which have been created as a "Pretend to be Seen to Be Doing Something" response to tabloid media hype and hysteria, and political social engineering dogmas. These overbroad, catch-all laws, which remove the scope for any judicial appeals process, have been rubber stamped, often without being read, let alone properly understood, by Members of Parliament.

The text of many of these Acts of Parliament are now online, but it is still too difficult for most people, including the police and criminal justice system, to work out the cumulative effect of all the amendments, even for the most serious offences involving national security or terrorism or serious crime.

Foreign Spies / Intelliegence Agencies in the UK

It is not just the UK government which tries to snoop on British companies, organisations and individuals, the rest of the world is constantly trying to do the same, regardless of the mixed efforts of our own UK Intelligence Agencies who are paid to supposedly protect us from them.

Presumably every mainstream media organisation, intelligence agency, serious organised crime or terrorist gang keeps historical copies, so here are some older versions of the London Diplomatic List, for the benefit of web search engine queries, for those people who do not want their visits to appear in the FCO web server logfiles or those whose censored internet feeds block access to UK Government websites.

Campaign Button Links

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Cracking the Black Box - "aims to expose technology that is being used in inappropriate ways. We hope to bring together the insights of experts and whistleblowers to shine a light into the dark recesses of systems that are responsible for causing many of the privacy problems faced by millions of people."